fs_mgr: support using libavb to enable dm-verity
external/avb/libavb provides the new Android Verified Boot (AVB) flow.
It has a different verity metadata format than previous formats in
fs_mgr_verity.cpp. fs_mgr should support using libavb to read the metadata
(a.k.a. HASHTREE descriptor in AVB) to enable dm-verity in kernel.
Two important files in this commit:
- fs_mgr_avb_ops.c: an implementation of struct AvbOps* for libavb to do
platform dependent I/O operations, e.g., read_from_partition.
- fs_mgr_avb.cpp: it reads the metadata (a.k.a. vbmeta images in AVB) from
all partitions, verifies its integrity against the values of
androidboot.vbmeta.{hash_alg, size, digest} passed from bootloader in
kernel command line. Then enable dm-verity for partitions having the
corresponding HASHTREE descriptor and with an 'avb' fstab flag.
Bug: 31264231
Test: Enable dm-verity on /system partition
Test: Enable dm-verity with FEC on /system partition
Change-Id: I4652806984fe5a30c61be0839135b5ca78323d38
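The integrity check the commit message describes (vbmeta contents compared against androidboot.vbmeta.{hash_alg, size, digest} from the kernel command line), as an added Python example that is not code from this commit or from fs_mgr_avb.cpp. It assumes the digest covers the vbmeta images concatenated in load order and that sha256 and sha512 are the accepted algorithms; the function names and sample data are constructed for illustration.

```python
import hashlib
import hmac

# Assumed set of accepted values for androidboot.vbmeta.hash_alg.
ALLOWED_ALGS = {"sha256": hashlib.sha256, "sha512": hashlib.sha512}


def parse_vbmeta_cmdline(cmdline):
    """Collect androidboot.vbmeta.* key/value pairs from a kernel command line."""
    prefix = "androidboot.vbmeta."
    params = {}
    for token in cmdline.split():
        key, sep, value = token.partition("=")
        if sep and key.startswith(prefix):
            params[key[len(prefix):]] = value
    return params


def verify_vbmeta(cmdline, vbmeta_images):
    """Return True only if total size and digest of the images match the cmdline."""
    params = parse_vbmeta_cmdline(cmdline)
    # Fail closed: a missing parameter or unknown algorithm is a failure.
    if not all(k in params for k in ("hash_alg", "size", "digest")):
        return False
    hasher_factory = ALLOWED_ALGS.get(params["hash_alg"])
    size = params["size"]
    if hasher_factory is None or not (size.isascii() and size.isdigit()):
        return False
    # Compare total length before hashing, then the digest itself.
    if sum(len(img) for img in vbmeta_images) != int(size):
        return False
    hasher = hasher_factory()
    for img in vbmeta_images:  # assumption: digest covers images in load order
        hasher.update(img)
    try:
        expected = bytes.fromhex(params["digest"])
    except ValueError:
        return False
    # Constant-time comparison of computed and expected digests.
    return hmac.compare_digest(hasher.digest(), expected)


# Constructed sample data: two fake vbmeta blobs and a matching command line.
SAMPLE_IMAGES = [b"AVB0" + b"\x00" * 60, b"AVB0" + b"\x01" * 28]
SAMPLE_CMDLINE = (
    "console=ttyS0 androidboot.vbmeta.hash_alg=sha256 "
    "androidboot.vbmeta.size=%d androidboot.vbmeta.digest=%s"
    % (sum(map(len, SAMPLE_IMAGES)), hashlib.sha256(b"".join(SAMPLE_IMAGES)).hexdigest())
)
```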
diff --git a/fs_mgr/Android.mk b/fs_mgr/Android.mk
index 8d5b51b..e321c17 100644
--- a/fs_mgr/Android.mk
+++ b/fs_mgr/Android.mk
@@ -11,7 +11,8 @@
libcrypto \
libext4_utils \
libsquashfs_utils \
- libselinux
+ libselinux \
+ libavb
include $(CLEAR_VARS)
LOCAL_CLANG := true
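Review bot: libavb is appended to this library list unconditionally at `+ libavb`, so whatever consumes the list now links it even on devices whose fstab never sets the 'avb' flag. If that is intended, state it in the commit message; otherwise consider guarding the dependency behind a build variable so non-AVB builds do not pull in the extra code.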
@@ -22,7 +23,9 @@
fs_mgr_format.c \
fs_mgr_fstab.c \
fs_mgr_slotselect.c \
- fs_mgr_verity.cpp
+ fs_mgr_verity.cpp \
+ fs_mgr_avb.cpp \
+ fs_mgr_avb_ops.cpp
LOCAL_C_INCLUDES := \
$(LOCAL_PATH)/include \
system/vold \
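Review bot: the source list adds `fs_mgr_avb_ops.cpp`, while the commit message names the file fs_mgr_avb_ops.c; update the message so it matches the file actually added. Both new sources are also compiled unconditionally here, so the description should say whether the AVB path is meant to be present in every fs_mgr build or only reached at runtime through the 'avb' fstab flag.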